Author Topic: Comodo WAF for DirectAdmin  (Read 18317 times)

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #90 on: January 07, 2018, 03:57:23 PM »
Has anyone had this permission error before?

Debian 8 64bit


Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 112
Re: Comodo WAF for DirectAdmin
« Reply #91 on: January 10, 2018, 05:26:53 AM »
> Has anyone had this permission error before?
>
> Debian 8 64bit

Hello peterl. We haven't received a report of this happening before.
Please check the access permissions to file cwaf-wrapper.pl.

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #92 on: January 10, 2018, 05:35:23 AM »
~~~
ls -la /usr/local/cwaf/scripts/cwaf-wrapper.pl
---x------ 1 cwaf_plugin cwaf_plugin 9643 Jan  7 10:40 /usr/local/cwaf/scripts/cwaf-wrapper.pl
~~~

I also see
~~~
cp: cannot stat '/etc/httpd/conf/extra/httpd-modsecurity.conf': Permission denied
~~~
« Last Edit: January 10, 2018, 03:07:09 PM by peterl »

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #93 on: January 20, 2018, 09:44:55 PM »
Bump?

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #94 on: January 22, 2018, 05:38:49 PM »
Think I'll give up on this plugin, no-one seems bothered to try and help......

Can someone tell me how I (manually) disable/whitelist phpmyadmin though
« Last Edit: January 22, 2018, 05:54:33 PM by peterl »

Offline sbrazhnik

  • Newbie
  • *
  • Posts: 6
Re: Comodo WAF for DirectAdmin
« Reply #95 on: January 23, 2018, 12:00:25 PM »
Hello peterl,

Sorry for the delayed reply.

Could you please let us know the DirectAdmin version you are currently working with?

The mentioned permissions issue can be related to DirectAdmin itself. Thus, please try to update it to the latest available version and check whether the issue is still observed.

If the issue is not solved, please increase the application debug level by modifying the /etc/cwaf/main.conf debug directive:
...
- debug="1"
+ debug="11"
...
Then open the DirectAdmin CWAF tab where the warning appears in order to reproduce the issue and provide us with logs located in /var/log/CWAF/.

We look forward to hearing from you.

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #96 on: January 23, 2018, 12:24:57 PM »
DA version 1.52.1 (latest)

Logs attached

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #97 on: January 23, 2018, 12:29:16 PM »
Actually, I changed the permissions on the cwaf-wrapper.pl to 755, and now I only get the permission error on the 'httpd-modsecurity.conf'

Offline sbrazhnik

  • Newbie
  • *
  • Posts: 6
Re: Comodo WAF for DirectAdmin
« Reply #98 on: January 24, 2018, 11:36:37 AM »
Hello peterl,

We've checked the provided logs and found out the following:
~~~
23/01/18 17:11:03 index[27959]  INFO: run_shellcmd('cat /etc/webmin/version') RETURN: '1.870'
23/01/18 17:11:03 index[27959]  User-Agent: CWAF_Client/2.21 (Apache/2.4.29; Webmin/1.870) Rules/1.152
23/01/18 17:11:03 index[27959]  Can't load WebminCore module!
~~~

We assume that you have both Webmin and DirectAdmin installed on your server. According to the logs, the CWAF plugin detects Webmin and tries to proceed with its configuration.
To be able to use the CWAF plugin with DirectAdmin and avoid any conflicts, please remove Webmin from your server.

As for the phpMyAdmin whitelisting, you can try adding a rule similar to the one provided below to Custom Rules, then press Save and restart your Apache service:
~~~
SecRule REQUEST_URI "your_phpmyadmin_dir_name" "id:996699,phase:1,nolog,noauditlog,allow,ctl:ruleEngine=Off"
~~~

Please find the corresponding screenshot attached.

Furthermore, please be aware that this kind of whitelisting is not safe, and it would be preferable to create specific rules to allow those rules which block your activity while using a particular application like phpMyAdmin, etc., rather than allowing everything. Information about all mod_security events (executed rule ids) can be found in the Audit Log.

Should you have any further questions, do not hesitate to ask.
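
Added example (not part of the original posts, and not Comodo's code): one way to follow the advice above about using the Audit Log to build a narrow exclusion instead of `ctl:ruleEngine=Off`. The Python below reads a ModSecurity 2.x serial audit log, collects the ids of rules that denied requests under one path, and builds a `SecRule` that removes only those ids there; the sample log, rule ids 900001-900003, the path `/phpmyadmin/`, exclusion id 996700 and both function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in ModSecurity 2.x serial audit-log layout (not the thread's logs).
SAMPLE = """\
--a1b2c3d4-A--
[24/Jan/2018:12:00:01 +0000] AAAAAAAAAAAAAAAAAAAAAAAA 203.0.113.5 50000 192.0.2.10 80
--a1b2c3d4-B--
POST /phpmyadmin/import.php HTTP/1.1
Host: example.test
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [id "900001"] [msg "constructed"]
Message: Warning. [id "900002"] [msg "constructed, non-blocking"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[24/Jan/2018:12:00:09 +0000] BBBBBBBBBBBBBBBBBBBBBBBB 203.0.113.5 50001 192.0.2.10 80
--e5f6a7b8-B--
GET /index.php?page=/phpmyadmin/ HTTP/1.1
--e5f6a7b8-H--
Message: Access denied with code 403 (phase 2). [id "900003"] [msg "constructed"]
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--[0-9a-f]+-([A-Z])--$")   # section markers: A, B, H, Z, ...
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def blocking_rule_ids(log_text, path_prefix):
    """Count rule ids that denied requests whose path starts with path_prefix."""
    hits, section, uri, ids = Counter(), None, None, []
    for line in log_text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(1)
            if section == "A":                      # a new transaction starts
                uri, ids = None, []
            elif section == "Z" and uri and uri.split("?")[0].startswith(path_prefix):
                hits.update(ids)                    # query string is ignored for matching
        elif section == "B" and uri is None and line.strip():
            parts = line.split()                    # request line: METHOD URI PROTOCOL
            uri = parts[1] if len(parts) >= 3 else ""
        elif section == "H" and line.startswith("Message: Access denied"):
            ids += RULE_ID.findall(line)
    return dict(hits)

def scoped_exclusion(path_prefix, rule_ids, exclusion_id):
    """One SecRule that switches off only rule_ids, and only under path_prefix."""
    ctls = ",".join(f"ctl:ruleRemoveById={r}" for r in sorted(rule_ids, key=int))
    return (f'SecRule REQUEST_URI "@beginsWith {path_prefix}" '
            f'"id:{exclusion_id},phase:1,pass,nolog,{ctls}"')
```

Check each reported id against its Audit Log entry before excluding it, and place the generated rule where it is evaluated before the rules it removes.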

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #99 on: January 24, 2018, 12:41:56 PM »
Can't I install both Webmin and DirectAdmin modules? I need to keep Webmin.

Why is it looking for Webmin when the install script only detected DirectAdmin?

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #100 on: January 24, 2018, 04:54:53 PM »
So, I reluctantly removed Webmin (huh)

Unchecked "Enable phpMyAdmin protection on your server. Please check to enable phpMyAdmin protection."
Next
Apply Changes...

Go back to the Protection tab, and it's ticked?

This goes for any option on this tab...... Doesn't it remember what is disabled?

Also, see attached
« Last Edit: January 24, 2018, 05:06:49 PM by peterl »

Offline sbrazhnik

  • Newbie
  • *
  • Posts: 6
Re: Comodo WAF for DirectAdmin
« Reply #101 on: January 25, 2018, 07:41:30 AM »
Hello peterl,

Could you please reload the plugin page and provide us with the logs from /var/log/CWAF/? (with enabled debug)

We look forward to hearing from you.

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #102 on: January 25, 2018, 08:09:05 AM »
Going to the plugin only populates the cwaf_emergency.log when debug="11"

Offline peterl

  • Newbie
  • *
  • Posts: 12
Re: Comodo WAF for DirectAdmin
« Reply #103 on: January 25, 2018, 11:51:04 AM »
So, reinstalling the rule set via custombuild fixed it all...

I'm a bit sad that it screws up when Webmin is installed though  :-TD

Offline sbrazhnik

  • Newbie
  • *
  • Posts: 6
Re: Comodo WAF for DirectAdmin
« Reply #104 on: January 25, 2018, 11:58:50 AM »
Dear peterl,

> So, reinstalling the rule set via custombuild fixed it all...

Good news. I was just going to suggest the same to you.


> This goes for any option on this tab...... Doesn't it remember what is disabled?

The related rules will be unticked on the Wizard's next page, Protection Tree (see screenshots). "phpMyAdmin protection" is ticked during the next Protection Wizard run by design, since not all rules from its group can be disabled/enabled during the previous configuration due to the user's choice.

 
